Image forming apparatus and authentication method

ABSTRACT

An image forming apparatus including applications and system side software for providing system side services to the applications is provided, in which the image forming apparatus includes: an authentication module for displaying an authentication screen on an operation panel of the image forming apparatus, wherein the authentication module allows the image forming apparatus to display a screen for using the image forming apparatus instead of the authentication screen if authentication data input from the authentication screen satisfies an authentication condition, and wherein the authentication module is provided in the image forming apparatus separately from the system side software.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to an image forming apparatus. Moreparticularly, the present invention relates to an image formingapparatus having an authentication capability.

[0003] 2. Description of the Related Art

[0004] Conventional image forming apparatuses such as a printer, copierand the like generally have a use restriction mode. In the userestriction mode, a user inputs the user code in the image formingapparatus, and the image forming apparatus authenticates the user andallows the user to use the image forming apparatus if the user isauthenticated. In addition, the use restriction mode is also provided inan image forming apparatus that includes functions of a copier, aprinter, a facsimile, a scanner and the like in a cabinet.

[0005] In addition, a method is widely used in which a key card, aprepaid card, a coin lack, a card reader or the like is connected to theimage forming apparatus, so that the image forming apparatus releasesuse restriction when a card is set or a coin is thrown in and the imageforming apparatus can perform billing management.

[0006] There are various objectives for performing the use restrictionaccording to activities of corporate sections and the users. Thus, it isrequired to quickly provide an image forming apparatus that includesfunctions for performing use restriction and billing management suitablefor user's objectives.

[0007] However, the conventional authentication method is realized byproviding an authentication capability in system software that isunchangeably provided in the image forming apparatus. Thus, it isdifficult to quickly customize an authentication capability in the imageforming apparatus in response to a user's demand.

[0008] In addition, depending on change of the objective of the userestriction or the billing management, there may be a case where themethod of the use restriction or the billing management should bechanged. Thus, it is required to change the method of the userestriction or the billing management quickly. However, by adopting theauthentication capability that is embedded in the system software, it isdifficult to change the authentication capability that is only a part ofthe system software since the change may affect largely other functionsthat should not be changed in the system software.

SUMMARY OF THE INVENTION

[0009] An object of the present invention is to provide an image formingapparatus and an authentication method that enable the user to easilyadd or change an authentication function according to variousobjectives.

[0010] The object can be achieved by an image forming apparatusincluding applications and system side software for providing systemside services to the applications, the image forming apparatusincluding:

[0011] an authentication module for displaying an authentication screenon an operation panel of the image forming apparatus, wherein theauthentication module allows the image forming apparatus to display ascreen for using the image forming apparatus instead of theauthentication screen if authentication data input from theauthentication screen satisfies an authentication condition,

[0012] wherein the authentication module is provided in the imageforming apparatus separately from the system side software.

[0013] According to the present invention, it is not allowed to changethe authentication screen into an screen for using the image formingapparatus unless the authentication condition is satisfied. Thus, byappropriately setting the authentication screen and the authenticationcondition, use restriction suitable for various objectives can beperformed. In addition, since the authentication module is providedseparately from the system side software that is unchangeably providedin a ROM and the like, the authentication module can be easily added orchanged.

BRIEF DESCRIPTION OF THE DRAWINGS

[0014] Other objects, features and advantages of the present inventionwill become more apparent from the following detailed description whenread in conjunction with the accompanying drawings, in which:

[0015]FIG. 1 shows an external view of the compound machine and theoperation panel;

[0016]FIG. 2 shows a configuration in the case where theauthentication/billing server 150 and the compound machine 100 areconnected via a network;

[0017]FIG. 3 is a block diagram of the compound machine according to thefirst embodiment of the present invention;

[0018]FIG. 4 is a block diagram of the compound machine according to thefirst embodiment of the present invention;

[0019]FIG. 5 shows a hardware configuration of the compound machine 100shown in FIGS. 3 and 4 according to the first embodiment;

[0020]FIG. 6 is a flowchart showing the operation of the compoundmachine 100 when the compound machine 100 is launched;

[0021]FIG. 7 is for explaining the application setting file;

[0022]FIGS. 8A and 8B show information examples in the applicationsetting file;

[0023]FIG. 9 is a flowchart showing the operation of the compoundmachine 100 after the SCS 122 that is one of the control services islaunched;

[0024]FIG. 10 is for explaining setting of the priority application;

[0025]FIG. 11 shows screen state transition on the operation panel 210according to the first embodiment;

[0026]FIG. 12 is a sequence chart for explaining the operation of theauthentication module according to the first embodiment;

[0027]FIG. 13 shows screen state transitions in the second embodiment;

[0028]FIG. 14 shows a configuration in which the authentication/billingserver 150 is connected to the compound machine 100 via a networkaccording to the second embodiment;

[0029]FIG. 15 is a sequence chart for explaining the operation of thecompound machine 100 according to the second embodiment;

[0030]FIG. 16 shows an example of the configuration of theauthentication module 117 that was described in the first and secondembodiments;

[0031]FIG. 17 shows a block diagram of an example of a Java executionenvironment 118 including the authentication module 117 (Java program);

[0032]FIG. 18 shows an example of setting information of authenticationmode;

[0033]FIG. 19 is a figure for explaining an authentication methodaccording to the third embodiment;

[0034]FIG. 20 shows the authentication screen displayed by the systemside authentication control part 501;

[0035]FIG. 21 is a flowchart in the case where the authentication screendisplayed by the system side authentication control part is used;

[0036]FIG. 22 is a figure for explaining an authentication method of thethird embodiment;

[0037]FIG. 23 shows an example of the authentication screen displayed bythe authentication module 117;

[0038]FIG. 24 is a flowchart in the case where the authentication screenby the system side authentication control part and the authenticationscreen by the authentication module are used;

[0039]FIG. 25 shows a configuration in which the compound machine 100communicates with the PDA 601 and the cellular phone 602.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0040] (First Embodiment)

[0041] In the following, an outline of the first embodiment of thepresent invention is described with reference to FIGS. 1 and 2.

[0042] The image forming apparatus (referred to as a compound machinehereinafter) of the present embodiment includes hardware resources andapplications. The hardware resources include a display part, a printpart, an image pickup part and the like that are used for imageformation. The applications include a print application, a copyapplication, a facsimile application and the like. In addition, thecompound machine is provided with various control services between theapplications and the hardware resources. The control services managesthe hardware resources, and performs execution control and imageformation processes. Compared with conventional compound machines, anapplication can be added easily in the compound machine of thisembodiment. Therefore, as to the compound machine of this embodiment, bydeveloping a new application suitable for user's needs, the newapplication can be easily added to the compound machine that isoperating at a user's site.

[0043] The compound machine has an operation part (referred to as anoperation panel hereinafter) as shown in FIG. 1 that is commonly usedfor each application. An application can be switched to anotherapplication by pushing an application switching key on the operationpanel.

[0044] The compound machine of this embodiment includes anauthentication module of the present invention. The authenticationmodule is provided in the compound machine separately from theauthentication capability that is unchangeably provided in the systemside. When a screen of the authentication module is displayed on theoperation panel, the screen cannot be changed to a screen of anotherapplication unless the authentication condition is satisfied.Information for realizing authentication used by the authenticationmodule can be provided in the compound machine. Alternatively, theinformation can be provided in an external authentication/billingserver, so that the compound machine requests the authentication/billingserver to perform authentication.

[0045] In addition, accordion to the compound machine of thisembodiment, the authentication module can be set as “priorityapplication”. The priority application is an application that has ascreen control right when the application is launched. That is, when thepriority application is launched in response to power on or system resetof the compound machine, the screen of the priority application isdisplayed first on the operation panel. Thus, by setting theauthentication application as “priority application”, use of a desiredapplication is restricted unless an authentication condition issatisfied. In addition to applications, a software module in the systemside can be set as the priority application. That is, the “priorityapplication” in this specification may include an application and systemside software.

[0046]FIG. 2 shows a configuration in the case where theauthentication/billing server is used. In the configuration shown inFIG. 2, the compound machine 100 and the authentication/billing server150 are connected via a network.

[0047] An outline of the operation of the compound machine in theconfiguration of FIG. 2 is described in the following.

[0048] When the authentication module launches as the priorityapplication, a screen is displayed on the operation panel to prompt for“user code” and “password” that are used for user authentication. Whenthe authentication data is obtained from a card by using a card readerin the compound machine, a message such as “insert a card” is displayedon the operation panel.

[0049] In the following, a case where only a user code is used isdescribed. First, a user who wants to use the compound machine 100inputs the user code from the screen displayed on the operation panel.When the compound machine 100 receives the user code, the compoundmachine 100 sends the user code to the authentication/billing server150. The authentication/billing server 150 checks whether there is datathat is the same as the received user code. If there is the data, theserver 150 returns a message indicating that the authentication succeedsto the compound machine 100. The authentication module displays amessage such as “please select an application key” on the operationpanel and enables the application switching keys.

[0050] If the user pushes a copy key, a screen of the copy applicationis displayed so that the user can copy a document. After copy operationends and after a time (time setting: idle state 30 seconds for example)elapses, “system auto clear” is initiated. Then, the screen of theauthentication module is displayed and the mode is changed to the userestriction mode again.

[0051] Next, the first embodiment of the present invention is describedin detail.

[0052]FIG. 3 is a block diagram of the compound machine according to thefirst embodiment of the present invention. As shown in the figure, thecompound machine 100 includes hardware resources 103, a software group110 and a compound machine launching part 140. The hardware resources103 include a black and white line printer (B&W LP) 101, a color lineprinter 102, and a scanner, a facsimile and the like. The software group110 includes a platform 120 and applications 130. The compound machinelaunching part 140 is executed first when the compound machine is turnedon. The compound machine launch part 140 initializes and diagnoses themachine, and launches each control service and each application.

[0053] The platform 120 includes control services for interpreting aprocessing request from an application to issue an acquiring request forhardware resources, a system resource manager .(SRM) 123 for managingone or more hardware resources and arbitrating acquiring requests fromthe control services, and a general-purpose OS 121.

[0054] The control services include a plurality of service modulesincluding a system control service (SCS) 122, an engine control service(ECS) 124, a memory control service (MCS) 125, an operation panelcontrol service (OCS) 126, a fax control service (FCS) 127, and anetwork control service (NCS) 128. In addition, the platform 120 hasapplication program interfaces (API) that can receive process requestsfrom the applications 130 by using predetermined functions.

[0055] The general purpose OS 121 is a general purpose operating systemsuch as UNIX. The process of the SRM 123 is for performing control ofthe system and performing management of resources with the SCS 122. Theprocess of the SCS 122 performs application management, control ofoperation parts, display of system screen, LED display, resourcemanagement, and interrupt application control. The process of the ECS124 controls engines of the hardware resources. The SCS 122 includes afunction of user authentication in addition to the above-mentionedfunctions. For example, the SCS 122 has an authentication function forallowing the use of the compound machine if a user code and a passwordinput by the user are the same as those registered in the compoundmachine.

[0056] The process of the MCS 125 performs processes on an image memoryand a hard disk apparatus (HDD). The process of the FCS 127 performsprocesses for sending and receiving facsimile. The NCS 128 is a processfor providing services commonly used for applications that need networkI/O. The NCS 128 includes functions for protocol processing forrealizing data communications.

[0057] The OCS 126 controls the operation panel that is a means fortransferring information between the operator (user) and control partsof the machine. In the compound machine 100 of the embodiment, the OCS126 includes an OCS process part and an OCS function library part. TheOCS process part obtains an key event, which indicates that the key ispushed, from the operation panel, and sends a key event functioncorresponding to the key event to the SCS 122. The OCS function libraryregisters drawing functions and other functions for controlling theoperation panel, in which the drawing functions are used for outputtingvarious images on the operation panel on the basis of a request from anapplication or from the control service.

[0058] The applications 130 include a printer application 111 that is anapplication for printing, a copy application 112, a fax application 113that is an application for facsimile, a scanner application 114 that isan application for a scanner. In addition, the compound machine 100 mayinclude additional applications 115 and 116 that are added to thecompound machine as necessary. The additional application can beinstalled (loaded) into the compound machine 100 from a flash card or aSD card and the like as necessary. In addition, the additionalapplication can be launched from the flash card or the SD card. Further,the additional application can be installed or launched from a sever viaa network.

[0059] Further, the compound machine 100 includes the authenticationmodule 117 of the present invention. In the same way as the additionalapplication, the authentication module 117 can be easily added to thecompound machine from the flash card, SD card and a server connected toa network. When a function of the authentication module is changed, anew authentication module can be installed easily. The authenticationmodule can be provided in either of the control service side (FIG. 3)and the application side (FIG. 4).

[0060] Each process of the applications and each process of the controlservices perform processes while performing interprocess communicationby using function calls and by sending return values, and by exchangingmessages. The control services provide common services to theapplications 130. The control services can be called system sidesoftware, and a service provided by the control service to anapplication can be called a system side service.

[0061]FIG. 5 shows a hardware configuration of the compound machine 100shown in FIGS. 3 and 4 according to the first embodiment. As shown inFIG. 5, the compound machine 100 includes a controller board 200, anoperation panel 210, a fax control unit (FCU) 220, a USB device 230, anIEEE1394 device 240, a Bluetooth device 250 and an engine part 260. Thecontroller board 200 includes ASIC 201, a CPU 202, a RAM 203, a ROM 204,a HDD 205, a flash card interface part 206 and a network interfacecontroller 209. The operation panel 210 is directly connected to theASIC 201. The FCU 220, the USB device 230, the IEEE1394 device 240 andthe Bluetooth device 250 and the engine part 260 are connected to theASIC 201 via the PCI bus.

[0062] The network interface controller 209 communicates with otherdevices connected to the network 271 by using MAC addresses. The FCU 220is connected to a telephone network 272. By using the USB device 230,the IEEE1394 device 240 and the Bluetooth device 250, the compoundmachine 100 can connect to other terminals 273-275. The terminals273-275 may be a personal computer, PDA, a cellular phone and the like.The flashcard interface part 206 is an interface for exchanging datawith a flashcard 207 that is inserted into the flashcard interface part206. The compound machine 100 may have a SD card interface part.

[0063] The ROM 204 stores the applications, programs of the controlservices and the SRM 123.

[0064] According to the present embodiment, the authentication module117 is launched directly from the flashcard 207. Alternatively, theauthentication module 117 can be installed into the HDD 205 from theflashcard and can be launched from the HDD 205. The applications such asthe printer application 111, copy application 112, scanner application114 and control services are embedded in the ROM 204 when the compoundmachine 100 is shipped. The applications and the control services arelaunched by the compound machine launch part 140 when the compoundmachine 100 is turned on. Since the authentication function of the SCS122 is embedded in the ROM 204, it is difficult to change theauthentication function. On the other hand, since the authenticationmodule 117 can be launched from the flashcard or the SD card asnecessary, the authentication module 117 can be easily added or changed.

[0065] Next, the operation of the compound machine 100 in thisembodiment will be described in detail.

[0066]FIG. 6 is a flowchart showing the operation of the compoundmachine when the compound machine is launched. This process is performedby the compound machine launch part 140.

[0067] At the time when the compound machine is turned on or thecompound machine is reset, initializing process is performed in step S1.The initializing process includes launch of BIOS (Basic Input/OutputSystem) and launch of boot loader, launch of kernel, initialization anddiagnosis of hardware and the like.

[0068] Next, the compound machine 100 searches the ROM file (romfs file)in a memory medium such as the ROM and the like for an applicationsetting file that is located at a predetermined position in the memorymedium in step S2, and the compound machine 100 searches the applicationsetting file in step S3. For example, as shown in FIG. 7, ROM files(ROM0 and ROM1) are stored in the ROM and the flashcard, in which theapplication setting file exists in each head. FIG. 8A shows an exampleof the application setting file in the ROM, and FIG. 8B shows an exampleof the application setting file in the flashcard. In FIGS. 8A and 8B,“−2” and the like indicates launch priority.

[0069] Next, the compound machine 100 refers to the application settingfile in the ROM, and mounts the ROM file system (romfs) according to amount command. Then, the compound machine 100 checks launch conditionand launch order of applications by referring to the application settingfiles including one in the flashcard (FIG. 8B) in step S4, then,launches applications and control services including the SCS 122 in stepS5. In the example shown in FIGS. 7, 8A and 8B, applications arelaunched in an order A->C->B->D->E.

[0070] In the case where an application is also stored in the hard disk(HDD205), a launcher for launching the application in the hard disk islaunched. The launcher launches the hard disk and waits for completionof preparation of the hard disk in step S6. After that, a ROM file andan application setting file are searched. According to the applicationsetting file, the application is launched in steps S7-S9.

[0071]FIG. 9 is a flowchart showing the operation of the compoundmachine 100 after the SCS 122 that is one of the control services islaunched.

[0072] When the SCS process is launched according to the applicationsetting file, a window is displayed on the operation panel 210 in stepS11 and a message such as “please wait” is shown. During the time,application registration is performed for each launched application(copy, printer and the like) in step S12. The SCS 122 receivesapplication registration request messages from each application, andstores ID of each application in a RAM and the like, so that theapplication registration is performed.

[0073] Next, the compound machine 100 checks whether there is anypriority application by referring to a predetermined region (referred toas “priority application region” hereinafter) in a storage such as RAM203 in step S13. If there is no setting of the priority application inthe priority application region in the storage, a default application(copy application in usual) is set as a priority application in stepS14. If the authentication module is set as the priority application,the authentication module becomes the priority application in step S15.

[0074] To set an application in a priority application region as apriority application means to provide the application with authority(right) to access the operation panel, that is, to set an application ina priority application region as a priority application means to providescreen control right to the application. In the following, a case wherethe authentication module 117 is set as the priority application isdescribed if the authentication module 117 is set as the priorityapplication, the SCS 122 sends a notification message to theauthentication module 117 to notify that the screen control right isprovided to the authentication module 117 in step S16.

[0075] Next, when the authentication module 117 receives thenotification message from the SCS 122, the authentication module 117displays a user authentication screen on the operation panel 210 in stepS17. More specifically, the screen is displayed on the operation panel210 by the OCS 126 in response to receiving a display request from theauthentication module 117. That is, the authentication module 117specifies drawing information for the OCS 126. That is, theauthentication module 117 specifies drawing information and callsdrawing functions, so that the OCS 126 performs processes for displayingthe designated drawing information.

[0076] If the data input from the user authentication screen satisfiesan authentication condition (Y in step S18), a message prompting forselection of an application is displayed on the operation panel with amessage showing permission to use the compound machine 100 in step S19.In the above-mentioned processes, the operations such as key input,button push and the like from the operation panel 210 are sent to theauthentication module via the OCS 126 and the SCS 122.

[0077] When a user selects an application from the operation panel 210,the selected application is notified to the SCS 122. The SCS 122 changessetting of priority application to the selected application. Then, theSCS 122 sends a message to the selected application to notify that thescreen control right is provided to the selected application. Afterthat, the selected application is executed in step S20.

[0078] While the application is executed, at an occasion such as systemauto clear, push of authentication module key, and end of job of theapplication, the screen control right is moved to the authenticationmodule and the authentication module displays an authentication screen.

[0079] In the above-mentioned example, the authentication module 117 isinitially set as a priority application. For setting the authenticationmodule 117 as a priority application, the user selects “priorityapplication setting” from the initial setting screen of the compoundmachine. Then, as shown in FIG. 10, a priority application settingscreen including the added applications (authentication module and thelike) are displayed. Then, the user selects a desired added applicationfrom the screen. Accordingly, the name of the selected application isregistered in the priority application region. When the compound machineis launched, the SCS 122 refers to the information to determine presenceor absence of priority application setting. In this way, it becomespossible to make the authentication module to display an authenticationscreen at the time when the compound machine launches.

[0080] In the above-mentioned process, transition of the state of thescreen on the operation panel 210 is shown in FIG. 11 taking copyapplication as an example.

[0081] As shown in FIG. 11, in response to power on or restart, theauthentication module screen is displayed and the compound machineenters a state (state 1) of waiting for authentication condition input.If an input by a user does not satisfy the authentication condition, theauthentication screen does not change to another screen. If an input bythe user satisfies the authentication condition (authentication OK), thecompound machine displays an application selection screen and enters astate (state 2) of waiting for an application change key event. Then,the compound machine receives an input indicating the selectedapplication, so that the screen changes to a screen of the application.

[0082] For example, when a copy application is selected, a screen forcopying is displayed, and the compound machine enters a copy availablestate (state 3). While the copy application is operating, the screenreturns to the authentication screen in response to an end of a job,system auto clear, detection of key event to return to theauthentication module or the like.

[0083]FIG. 12 is a sequence chart for explaining the operation of theauthentication module 117. In the left side, screen information of theoperation panel 210 corresponding to the operation is shown. Display onthe operation panel 210 and data input from the operation panel 210 areperformed via the OCS 126. However, FIG. 12 does not show the OCS 126,but the SCS 122, the authentication module 117, and the copy application112 are shown.

[0084] In the figure, the authentication module screen (can be alsoreferred to as “authentication screen”) is shown first, and the state isthe authentication condition input waiting state (authenticationcondition input waiting period P1). In this state, if the applicationswitching key event is sent to the SCS 122 and if the SCS 122 sends ascreen release request to the authentication module 117, theauthentication module 117 does not accept the request but returns NG tothe SCS 122. That is, in the authentication condition input waitingperiod P1, the authentication module 117 returns NG for the screenrelease request and does not accept screen release unless there is aninput that satisfies the authentication condition.

[0085] When authentication information such as a user code and apassword is input from the operation panel 210, the SCS 122 notifies theauthentication module 117 of the authentication information, so that theauthentication module 117 checks if the authentication information isvalid. If the authentication succeeds, it is notified to the SCS 122(authentication check).

[0086] In the authenticated period P2, the authentication module 117displays an application switching screen. The application switchingscreen may be displayed by the SCS 122. On the application switchingscreen, if the copy application 122 is selected, a copy applicationswitching key event is sent to the SCS 122, and the SCS 122 sends ascreen release request to the authentication module 117. Since the userhas been authenticated, the authentication module 117 sends a screenrelease OK to the SCS 122.

[0087] The SCS 122 sets the copy application in the priority applicationregion, and sends a message to the copy application to notify that thescreen control right is provided to the application. Then, the copyapplication 112 displays a copy screen. After that, in a copy use periodP3, the copy application is used. While the copy application is used, ifthe authentication module 117 is selected by pushing a key on theoperation panel 210, an authentication module key event is sent to theSCS 122. When the SCS 122 sends a screen release request to the copyapplication, the copy application notifies the SCS 122 of a screenrelease OK. Then, the SCS 122 sets the authentication module 117 in thepriority application region, and sends a message to the authenticationmodule 117 to notify that the screen control right is provided. Then,the authentication module 117 displays the authentication module screen,and the compound machine enters an authentication condition inputwaiting state (authentication condition input waiting period P4). Sincethe compound machine can display the authentication module screenwhile-copy application is operating, it can be prevented that other useruses the compound machine without permission when the authenticated userleaves the compound machine.

[0088] In the case where any authentication module key event is notissued while copying, if the compound machine 100 is left as it is for awhile after the copy operation ends, the SCS 122 causes system autoclear so that the control right is changed to the authentication module117. Then, the authentication module 117 displays the authenticationmodule screen, so that the compound machine enters the authenticationcondition input waiting period P5.

[0089] After the copy operation completes, instead of using theauthentication module 117, a use restriction capability of the SCS 122can be used, in which user restriction can be performed by displaying apopup window showing “please insert a card” and the like.

[0090] As mentioned above, according to the first embodiment, userestriction of the compound machine 100 can be performed by using theauthentication module 117. In the above example, although authenticationis performed by comparing user codes and the like, the authenticationcondition is not limited to the above-mentioned example. Theauthentication condition can be determined appropriately according tousage and demand of the user, and the authentication screen applicableto authentication condition can be displayed. For example,authentication can be performed by using a company's proprietaryemployee card, or by using a fingerprint. Further, the authenticationmethod is not limited to the above-mentioned example. For example, inaddition to a method in which the compound machine 100 checks theauthentication condition, a method can be adopted in which a remoteauthentication/billing server checks the authentication condition. Bychanging the authentication module 117 without changing otherapplications (copy, printer, FAX and the like), the authenticationcondition or the authentication method can be changed. Since it isunnecessary to change other applications, authentication functions ofthe compound machine 100 can be easily customized.

[0091] In addition, according to the present embodiment, a copy screencan be changed to the authentication module screen while copy operationis performed. Thus, even if a user leaves the compound machine 100 afterinstructing the compound machine 100 to copy a large number ofdocuments, the screen can not be changed to other application screenunless authentication is performed again. Therefore, it can be preventedthat other user uses the compound machine. 100 invalidity. In addition,even when the user forgets to change the screen into the authenticationscreen before leaving the compound machine 100, it can be prevented thatan invalid user uses the compound machine 100 since the authenticationscreen can be displayed in response to system auto clear after the copyends.

[0092] (Second Embodiment)

[0093] Next, the second embodiment of the present invention isdescribed. In the second embodiment, the number of copies is managed andthe authentication module 117 counts the remaining number. That is, theauthentication module 117 performs not only authentication but also abilling process.

[0094]FIG. 13 shows screen transitions in the second embodiment. Asshown in the figure, in the second embodiment, while the copyapplication is being used (state 3), if the number of copies exceeds apermissible number, the authentication module 117 displays a warningmessage (state 4). In this case, if the remaining number is updated, thescreen is changed back to the copy screen. If the remaining number isnot updated, the copy operation is stopped so that the screen isreturned to the authentication screen.

[0095] The operation of the compound machine 100 of the secondembodiment is described with reference to the block diagram of FIG. 14and the sequence chart of FIG. 15. FIG. 14 shows a configuration inwhich the authentication/billing server 150 is connected to the compoundmachine 100 via a network.

[0096] After the user inputs a user code and the like on theauthentication module screen, the authentication/billing server 150performs user authentication by comparing registered user code and theinput user code. When the authentication is successful, an availablenumber of copies (referred to as “remaining count”) that can be made bythe authenticated user is sent to the compound machine 100 in step S101.

[0097] The authentication module 117 receives the remaining count viathe NCS 128 and stores the remaining count in a storage such as anonvolatile RAM or a HDD in step S102. In a case when billing isperformed for each user, the remaining count is obtained for each user,and remaining counts for each user can be stored in the storage. Inaddition, for example, in a case when billing is performed for eachsection, remaining counts for each section can be stored in the storage.

[0098] As described in the first embodiment, since the authentication issuccessful, an application selection instruction is displayed on theoperation panel. When the user selects the copy application, the screencontrol right moves to the copy application 112, so that the copy screenis displayed.

[0099] The copy application 112 inquires the authentication module 117whether the remaining count is larger than 0. If the remaining count islarger than 0, the authentication module 117 returns “print OK” in stepS103. The inquiry can be performed via the SCS 122. Alternatively, thecopy application 112 itself may check if there is any remaining count byreferring to the storage.

[0100] When copying is started by the user, the copy application 112sends a print job to the ECS 124 in step S104. The copy engine receivesan instruction corresponding to the job from the ECS 124. Each time thecopy engine makes a copy, the copy engine notifies the ECS 124 of anevent indicating that printing completes in step S105. The event is sentto the authentication module 117 via the SCS 122 in step S106.

[0101] The authentication module 117 updates the remaining count bysubtracting a number of copies that was made from the remaining count instep S107. Then, the authentication module 117 notifies theauthentication/billing server 150 of the remaining count via the NCS 128for each page or periodically in step S108.

[0102] When the remaining count becomes 0, the authentication module 117instructs the copy application 112 to stop printing in step S109. Thisnotification can be also performed via the SCS 122. After that, the copyapplication cancels the copy job and instructs the ECS 124 to stopprinting in step S110. Then, the authentication module 117 displays awarning on the operation panel indicating there is no remaining count.

[0103] If the authentication server 150 updates the remaining count, anew remaining count is sent to the authentication module 117 in stepSill, and the authentication module 117 notifies the copy application112 that the remaining count is updated in step S112. Then, the copyapplication 112 requests the ECS 124 to restart copying in step S113.After that, copying is restarted.

[0104] When the remaining count becomes 0 while copying is performed,the SCS 122 also can perform the process to stop the copy operation. Inthis case, for example, the SCS 122 displays a popup window indicating“please insert a key card”. Accordingly, the use of the copy applicationcan be restricted unless a valid key card is inserted.

[0105] In the above-mentioned example, the authentication module 117collects print completion notification so that the remaining count ismanaged. Alternatively, the authentication module 117 can be configuredto collect information relating to a series of operations, printing,reading, FAX sending and the like that occur when an application is usedin association with the user ID. Accordingly, log information indicatingwho uses what application and the usage can be managed, and billing canbe performed according to the log information.

[0106] As mentioned above, according to the second embodiment, theauthentication module 117 collects log information such as the printcompletion notification. Different from control services such as the SCS122, the authentication module 117 can be easily added to the compoundmachine 100. Thus, it is easy to change the method of collecting the loginformation, so that a billing method suitable for the demand of themarket can be flexibly adopted, and usage of the compound machine 100can be obtained in various forms. For example, by collecting, for eachuser or each section, data such as paper sizes, print settings (doublesided print, integrated print, staple and the like), number of copies,number of occurrences of paper jam and the like, the use status of thecompound machine 100 can be grasped. In addition, by inputtinginformation indicating who makes a copy of what kind of document, or whoscans or faxes what kind of document, the compound machine 100 cancollect the information so that use status of the compound machine 100can be managed more concretely. The information can be easily collectedby configuring the compound machine 100 such that a user can not beallowed to use the compound machine 100 unless the user inputs theinformation in addition to the user code and the password.

[0107] [Configuration of Authentication Module]

[0108]FIG. 16 shows an example of the configuration of theauthentication module 117 that was described in the first and secondembodiments. As shown in FIG. 16, the authentication module 117 includesan authentication control part 301, an authentication data managementpart 302, a use restriction management part 303 and a use statusmanagement part 304. The authentication management part 301 includes anoperation screen release determination part 3011 and a key/even/timermonitoring part 3012.

[0109] The authentication control part 301 has a function for displayingan authentication screen of the authentication module 117 after thecompound machine 100 is turned on, the system is reset, or a job such asprinting ends. The authentication control part 301 determines whetherdata (user code, for example) input from the authentication screensatisfies an authentication condition. For example, the authenticationcontrol part 301 compares an input user code and a registered user code,and determines that the authentication is successful if they are thesame. An application that the user wants to use cannot be used unlessthe authentication is successful. The operation screen releasedetermination part 3011 has a function to determine whether theauthentication screen is released for another screen of an applicationaccording to the authentication result. The key/event/timer monitoringpart 3012 has a function for monitoring input key, event and timeout ofa timer.

[0110] The authentication control part 301 in the authentication module117 can be added to the compound machine 100 from an IC card, SD card,or a sever via a network.

[0111] The authentication data management part 302 performs managementof authentication data such as user codes and passwords and managementof information systematically. In response to an inquiry from theauthentication control part 301, the authentication data management part302 obtains necessary data and returns the data to the authenticationcontrol part 301. In addition, the authentication data management part302 may determine whether input data satisfies an authenticationcondition, and return the determination result to the authenticationcontrol part 301. Further, the authentication data management part 302has an update/edit function for authentication data.

[0112] The use restriction management part 303 has a function forperforming use restriction for each application for each user or foreach group (section). For example, if a setting is made in which aspecific section is allowed to use an specific application, the userestriction management part 303 compares a section name input via a userestriction screen displayed by the authentication control part 301 withthe setting information, and determines whether the specific applicationcan be used. In addition to the function of use restriction for eachapplication, the use restriction management part 303 has a function toset an upper limit of usage (number of copies, for example) of aspecific application for each user or for each section. When the usagereaches the upper limit, the use restriction management part 303notifies the authentication control part 301 of it.

[0113] The use status management part 304 has a function to manage usestatus of an application for each authenticated user or group. Forexample, if the application is the copy application, the use statusmanagement part 304 manages the number of copies. If the application isan application using a network, the use status management part 304manages logs which are destinations of transmitted data, for example.

[0114] Data managed by the above-mentioned management parts may bestored in the hard disk of the compound machine 100. In addition,instead of providing the management parts in the compound machine 100,the management parts can be provided in an external server connected viaa network.

[0115] [Other Configuration Example of the Authentication Module]

[0116] As mentioned above, the authentication module 117 of the presentinvention can be added or changed easily compared with a conventionalauthentication capability (authentication capability in SCS 122 forexample) in the system side. That is, the authentication module 117 canbe changed according to demands of a user and the changed authenticationmodule 117 can be installed in the compound machine 100 as necessary.

[0117] By implementing the authentication module 117 by using a Javaprogram, the authentication module 117 can be downloaded from anexternal server and can be executed immediately. Therefore, theauthentication module 117 can be added and changed more easily.

[0118]FIG. 17 shows a block diagram of an example of a Java executionenvironment 118 including the authentication module 117 (Java program).The Java execution environment is located at the application layer inthe configuration of the compound machine 100 shown in FIG. 3.

[0119] As shown in FIG. 17, the Java execution environment 118 includesthe authentication module 117 that is a Java program, a class library401, a virtual machine 402, and a program loader 403. FIG. 17 also showsa Web server 400 that provides Java programs. The compound machine 100and the Web server 400 is connected via a network.

[0120] The class library 401 includes a class library necessary forexecuting the Java program ana a class library for providing servicesfor operating the compound machine 100. The virtual machine 402interprets and executes the Java program. The program loader downloadsthe Java program from the Web server 400 and performs executionmanagement. In the environment, a developed Java program is uploaded inthe Web server 400 beforehand. Then, the program loader 403 accesses theWeb server 400 and downloads a Java program that the user wants, andexecutes the Java program.

[0121] (Third Embodiment)

[0122] Next, the third embodiment of the present invention is described.In the third embodiment, an authentication capability (included in SCS122 for example) that is unchangeably included in the system side andthe authentication module 117 are used by switching them. Hereinafter,the authentication capability in the system side is called “system sideauthentication control part”. In the following, a mode in whichauthentication is performed by using the system side authenticationcontrol part is called “standard authentication mode”, and a mode inwhich authentication is performed by using the authentication module 117is called “additional authentication mode”.

[0123] [Example Using an Authentication Screen Displayed by the SystemSide Authentication Control Part]

[0124] In the following, a case is described in which authentication isperformed by the system side authentication control part or theauthentication module 117 by using the authentication screen displayedby the system side authentication control part.

[0125] In this embodiment, the standard authentication mode or theadditional authentication mode is set for each application by using aninitial setting screen and the like. FIG. 18 shows an example of settinginformation. In the example shown in FIG. 18, the standardauthentication mode is set for copy application and additionalapplication 2, and the additional authentication mode is set for scannerapplication and additional application 1. For Fax application, there isno use restriction setting.

[0126] As shown in FIG. 19 that is a schematic diagram of the compoundmachine 100, in the additional authentication mode, data input from theauthentication screen displayed by the system side authenticationcontrol part 501 is passed to the authentication module 117 and anauthentication result is passed to the system side authenticationcontrol part 501. FIG. 20 shows the authentication screen displayed bythe system side authentication control part 501. This authenticationscreen is called “authentication screen A”. The authentication screen Ais a screen for prompting for a user code and a password.

[0127] In the following, the operation of this case is described withreference to a flowchart shown in FIG. 21.

[0128] After the compound machine 100 is turned on in step S201, thesystem side authentication control part 501 displays the authenticationscreen A on the operation panel in step S202. The user selects anapplication by pushing an application switching key on the operationpanel in step S203. In addition, the user inputs the user code and thepassword from the authentication screen A in step S204. The system sideauthentication control part 501 obtains the key information.

[0129] The system side authentication control part 501 checks theauthentication mode for the selected application from the settings shownin FIG. 18 in step S205. If the mode is the standard authenticationmode, the system side authentication control part 501 performs theauthentication by comparing data stored in the compound machine 100 andthe input data in step S206. If the authentication is successful, ascreen of the selected application is displayed instead of theauthentication screen A in step S207.

[0130] If the mode is the additional authentication mode, the systemside authentication control part 501 sends the input user code and thepassword to the authentication module 117 in step S208.

[0131] The authentication module 117 performs authentication byreferring to authentication data and use restriction data managed by theauthentication module 117 on the basis of the input user code and thepassword in step S209. As a result of the authentication, if theselected application can be used by the user, the authentication module117 sends a usable notification to the system side authenticationcontrol part 501 in step S210. In the case where the authenticationmodule 117 sends the user code and the password to a external server torequest authentication, the authentication module 117 sends anauthentication result to the system side authentication control part 501after receiving an authentication result from the server. When thesystem side authentication control part 501 receives successfulnotification, the system side authentication control part 501 allows theselected application to display the application's screen, and theapplication's screen is displayed instead of the authentication screen Ain step S211.

[0132] [Example Using the Authentication Screen by the System SideAuthentication Control Part and the Authentication Screen by theAuthentication Module]

[0133] Next, an example is explained in which the authentication screendisplayed by the system side authentication control part 501 and theauthentication screen displayed by the authentication module 117 areused. The mode settings are the same as those shown in FIG. 18 also inthis case.

[0134] In this example, as shown in FIG. 22, the authentication screendisplayed by the authentication module 117 is used for performingauthentication for an application corresponding to the additionalauthentication mode, and the authentication module 117 performs theauthentication. For an application corresponding to the standardauthentication mode, the authentication screen A displayed by the systemside authentication control part 501 is used for performingauthentication, and the system side authentication control part 501performs the authentication. Between the system side authenticationcontrol part 501 and the authentication module 117, information onscreen release and the like is exchanged. FIG. 23 shows an example ofthe authentication screen displayed by the authentication module 117.This screen is called “authentication screen B”.

[0135] In the following, the operation of this case is described withreference to a flowchart shown in FIG. 24. In the following process, theauthentication module is already set as the priority application.

[0136] After the compound machine 100 is turned on in step S301, theauthentication module 117 displays the authentication screen B on theoperation panel in step S302. The user selects an application by pushingan application switching key on the operation panel in step S303. Theauthentication module 117 checks the authentication mode for theselected application from the settings shown in FIG. 18 in step S304.

[0137] If the mode for the selected application is the standardauthentication mode, since the application is not a target of theauthentication module 117, the authentication module 117 passes thescreen control right to the system side authentication control part 501in step S305. Then, the system side authentication control part 501displays the authentication screen A in step S306.

[0138] The system side authentication control part 501 performs theauthentication by comparing data stored in the compound machine 100 andthe input data in step S307. If the authentication is successful, ascreen of the selected application is displayed instead of theauthentication screen A in step S308, so that the user can use theselected application.

[0139] If the mode for the selected application is the additionalauthentication mode, since the selected application is a target of theauthentication module 117, the authentication module 117 performsauthentication on the basis of data input from the authentication screenB that is already displayed in step S309. If the authentication issuccessful, a screen of the selected application is displayed instead ofthe authentication screen B in step S311, so that the user can use theselected application.

[0140] As described in the first embodiment, while the selectedapplication is being used, the screen is returned to the authenticationscreen B in response to completion of a job such as printing job, systemauto clear or the like.

[0141] In addition, when an application is selected by pushing anapplication switching key while the authentication screen A or a screenof another application is displayed, if the selected application is atarget of the authentication module 117, the screen is changed to theauthentication screen B.

[0142] (Fourth Embodiment)

[0143] In the following, the fourth embodiment of the present inventionis described.

[0144] In the embodiments described so far, data used for authenticationis input by the user from the operation panel of the compound machine100. Alternatively, the data can be input from a PDA (personal digitalassistant) or a cellular phone that has data communication capability.In this embodiment, a case where data is input from the PDA or thecellular phone is described.

[0145]FIG. 25 shows a configuration in which the compound machine 100communicates with the PDA 601 and the cellular phone 602. As shown inFIG. 25, the compound machine 100 is connected to a network 603 (LAN orWAN such as the Internet). The connection can be realized by either ofwired method or wireless method via a wireless LAN card 604. Inaddition, the compound machine 100 can be provided with a function fordirectly connecting to the PDA 601 by using an ad-hoc network. Inaddition, the compound machine 100 can be provided with a function forcommunicating with the cellular phone 602 by using an extensioncapability.

[0146] The compound machine 100 includes a data communication protocolprocessing function 605, a Web server function 606, and a screen datageneration function 607 for generating authentication screen data. Thescreen data generation function 607 is provided in the authenticationmodule 117 for example. Other parts of the compound machine 100 are thesame as those described so far. By adopting such configuration, datacommunication can be performed between the compound machine 100 and thePDA 601 or the cellular phone 602. In the following, the operation atthe time when authentication is performed is described. The PDA 601 andthe cellular phone 602 are collectively called “potable terminal”.

[0147] First, the portable terminal accesses the compound machine 100 byspecifying a URL or an IP address of the compound machine 100. Then, thecompound machine 100 generates HTML data or XML data corresponding to ascreen for prompting for authentication information, and sends the datato the portable terminal.

[0148] The portable terminal that receives the screen data displays ascreen such as one shown in FIG. 20 or FIG. 23 on a screen display partof the portable terminal. Then, the user of the portable terminal inputsnecessary authentication data and sends the data to the compound machine100.

[0149] By once registering the authentication data in the portableterminal, the input operation becomes easier from the next time. In thecase where the cellular phone communicates with the compound machine 100by using the extension capability in which an extension number isassigned to the compound machine 100 beforehand, by sending theauthentication data at the time when the cellular phone originates acall to the compound machine 100, the operation becomes further easier.

[0150] The compound machine 100 that receives the authentication dataperforms authentication by a method described in the third embodiment,for example. When the authentication is successful, the screen of thecompound machine 100 changes to a selected application, so that theapplication can be used. Selection of the application can be performedeither on the compound machine 100 or from the portable terminal.

[0151] As mentioned above, according to the present invention, an imageforming apparatus including applications and system side software forproviding system side services to the applications is provided, in whichthe image forming apparatus includes:

[0152] an authentication module for displaying an authentication screenon an operation panel of the image forming apparatus, wherein theauthentication module allows the image forming apparatus to display ascreen for using the image forming apparatus instead of theauthentication screen if authentication data input from theauthentication screen satisfies an authentication condition,

[0153] wherein the authentication module is provided in the imageforming apparatus separately from the system side software.

[0154] According to the present invention, it is not allowed to changethe authentication screen into an screen for using the image formingapparatus unless the authentication condition is satisfied. Thus, byappropriately setting the authentication screen and the authenticationcondition, use restriction suitable for various objectives can beperformed. In addition, since the authentication module is providedseparately from the system side software that is unchangeably providedin a ROM and the like, the authentication module can be easily added orchanged.

[0155] In the image forming apparatus, the system side software mayinclude an authentication function part, and when a specific applicationis selected by a user, the image forming apparatus refers to informationindicating correspondences between each application and theauthentication module or the authentication function part, and performsauthentication by using the authentication module or the authenticationfunction part that corresponds to the specific application. Accordingly,it becomes possible to use the authentication function part and theadditionally provided authentication module selectively for eachapplication.

[0156] The image forming apparatus may further includes a part forexecuting the authentication module from an external recording medium,or a part for loading the authentication module into the image formingapparatus from the external recording medium and executing theauthentication module. Therefore, a customized authentication module canbe executed as necessary.

[0157] The image forming apparatus may further include an authenticationmodule execution part for downloading the authentication module from aserver that is connected to the image forming apparatus via a network,and executing the authentication module. The authentication module maybe a Java program, and the authentication module execution part includesa class library and a virtual machine. According to this configuration,the authentication module can be added or changed more easily.

[0158] The image forming apparatus may further includes a communicationpart used for performing wireless data communications with a portableterminal,

[0159] wherein the authentication module performs authentication byusing authentication data received from the portable terminal via thecommunication part. In addition, the image forming apparatus may furtherincludes a part for generating image data corresponding to a screen forprompting for authentication data in the portable terminal, and sendingthe image data to the portable terminal.

[0160] According to the present invention, the authentication data canbe input not only from the operation panel but also from the portableterminal such as a PDA and a cellular phone.

[0161] In the image forming apparatus, the authentication data mayinclude a section name or a purpose of using an application.Accordingly, authentication for various objectives can be performed.

[0162] The compound machine may further include a part for displaying anauthentication screen of the authentication module first when the imageforming apparatus is started.

[0163] According to the present invention, the authentication screen canbe immediately displayed after the image forming apparatus is turned on,so that use restriction can be performed.

[0164] In the image forming apparatus, if the image forming apparatusdetects an end of a job, system auto clear, or a key input instructingto use the authentication module while the image forming apparatusdisplays a screen other than the authentication screen on the operationpanel, the image forming apparatus may display the authentication screeninstead of the screen other than the authentication screen.

[0165] According to the present invention, even when a job ends afterthe user leaves the image forming apparatus while using it, theauthentication screen can be displayed automatically. In addition, theauthentication screen can be also displayed automatically when thesystem auto clear function works. In addition, the authentication screencan be also displayed automatically by inputting a key for using theauthentication module while using the image forming apparatus.

[0166] In the image forming apparatus, if the image forming apparatusdetects elapse of a predetermined time after an end of a job, the imageforming apparatus may launch the system auto clear function and displaythe authentication screen.

[0167] In the image forming apparatus, the authentication module mayinclude a part for collecting log information relating to use of theimage forming apparatus. In addition, the authentication module maycollect a print completion notification as the log information, anddisplay a warning on the operation panel when the number of sheetsprinted reaches a predetermined number.

[0168] The present invention is not limited to the specificallydisclosed embodiments, and variations and modifications may be madewithout departing from the scope of the present invention.

What is claimed is:
 1. An image forming apparatus including applicationsand system side software for providing system side services to theapplications, the image forming apparatus comprising: an authenticationmodule for displaying an authentication screen on an operation panel ofthe image forming apparatus, wherein the authentication module allowsthe image forming apparatus to display a screen for using the imageforming apparatus instead of the authentication screen if authenticationdata input from the authentication screen satisfies an authenticationcondition, wherein the authentication module is provided in the imageforming apparatus separately from the system side software.
 2. The imageforming apparatus as claimed in claim 1, wherein the system sidesoftware includes an authentication function part, and wherein, when aspecific application is selected by a user, the image forming apparatusrefers to information indicating correspondences between eachapplication and the authentication module or the authentication functionpart, and performs authentication by using the authentication module orthe authentication function part that corresponds to the specificapplication.
 3. The image forming apparatus as claimed in claim 1, theimage forming apparatus further comprising a part for executing theauthentication module from an external recording medium, or a part forloading the authentication module into the image forming apparatus fromthe external recording medium and executing the authentication module.4. The image forming apparatus as claimed in claim 1, the image formingapparatus further comprising an authentication module execution part fordownloading the authentication module from a server that is connected tothe image forming apparatus via a network, and executing theauthentication module.
 5. The image forming apparatus as claimed inclaim 4, wherein the authentication module is a Java program, and theauthentication module execution part includes a class library and avirtual machine.
 6. The image forming apparatus as claimed in claim 1,the image forming apparatus further comprising a communication part usedfor performing wireless data communications with a portable terminal,wherein the authentication module performs authentication by usingauthentication data received from the portable terminal via thecommunication part.
 7. The image forming apparatus as claimed in claim6, the image forming apparatus further comprising a part for generatingimage data corresponding to a screen for prompting for authenticationdata in the portable terminal, and sending the image data to theportable terminal.
 8. The image forming apparatus as claimed in claim 1,wherein the authentication data includes a section name or a purpose ofusing an application.
 9. The image forming apparatus as claimed in claim1, the image forming apparatus further comprising a part for displayingan authentication screen of the authentication module first when theimage forming apparatus is started.
 10. The image forming apparatus asclaimed in claim 1, wherein, if the image forming apparatus detects anend of a job, system auto clear, or a key input instructing to use theauthentication module while the image forming apparatus displays ascreen other than the authentication screen on the operation panel, theimage forming apparatus displays the authentication screen instead ofthe screen other than the authentication screen.
 11. The image formingapparatus as claimed in claim 10, wherein, if the image formingapparatus detects elapse of a predetermined time after an end of a job,the image forming apparatus launches the system auto clear function anddisplays the authentication screen.
 12. The image forming apparatus asclaimed in claim 1, the authentication module comprising a part forcollecting log information relating to use of the image formingapparatus.
 13. The image forming apparatus as claimed in claim 12,wherein the authentication module collects a print completionnotification as the log information, and displays a warning on theoperation panel when the number of sheets printed reaches apredetermined number.
 14. An authentication method used for an imageforming apparatus including applications and system side software forproviding system side services to the applications, the image formingapparatus comprising an authentication module separately from the systemside software, wherein the authentication module displays anauthentication screen on an operation panel of the image formingapparatus, and allows the image forming apparatus to display a screenfor using the image forming apparatus instead of the authenticationscreen if authentication data input from the authentication screensatisfies an authentication condition.
 15. The authentication method asclaimed in claim 14, wherein the system side software includes anauthentication function part, and wherein, when a specific applicationis selected by a user, the image forming apparatus refers to informationindicating correspondences between each application and theauthentication module or the authentication function part, and performsauthentication by using the authentication module or the authenticationfunction part that corresponds to the specific application.
 16. Theauthentication method as claimed in claim 14, wherein the image formingapparatus executes the authentication module from an external recordingmedium, or the image forming apparatus loads the authentication modulefrom the external recording medium and executes the authenticationmodule.
 17. The authentication method as claimed in claim 14, whereinthe image forming apparatus downloads the authentication module from aserver that is connected to the image forming apparatus via a network,and executes the authentication module.
 18. The authentication method asclaimed in claim 14, the image forming apparatus further comprising acommunication part used for performing wireless data communications witha portable terminal, wherein the authentication module performsauthentication by using authentication data received from the portableterminal via the communication part.
 19. The authentication method asclaimed in claim 14, wherein, if the image forming apparatus detects anend of a job, system auto clear, or a key input instructing to use theauthentication module while the image forming apparatus displays ascreen other than the authentication screen on the operation panel, theimage forming apparatus displays the authentication screen instead ofthe screen other than the authentication screen.
 20. The authenticationmethod as claimed in claim 14, wherein the authentication modulecollects log information relating to use of the image forming apparatus.21. A computer program to be executed on an image forming apparatusincluding applications and system side software for providing systemside services to the applications, the computer program comprising:program code means for displaying an authentication screen on anoperation panel of the image forming apparatus; program code means forallowing the image forming apparatus to display a screen for using theimage forming apparatus instead of the authentication screen ifauthentication data input from the authentication screen satisfies anauthentication condition, wherein the computer program is provided inthe image forming apparatus separately from the system side software.22. The computer program as claimed in claim 21, the image formingapparatus further comprising a communication part used for performingwireless data communications with a portable terminal, wherein thecomputer program comprises program code means for performingauthentication by using authentication data received from the portableterminal via the communication part.
 23. The computer program as claimedin claim 21, the computer program comprising program code means forcollecting log information relating to use of the image formingapparatus.
 24. The computer program as claimed in claim 23, the computerprogram comprising program code means for collecting a print completionnotification as the log information, and displaying a warning on theoperation panel when the number of sheets printed reaches apredetermined number.
 25. A computer readable medium storing a computerprogram to be executed on an image forming apparatus includingapplications and system side software for providing system side servicesto the applications, the computer program comprising: program code meansfor displaying an authentication screen on an operation panel of theimage forming apparatus; program code means for allowing the imageforming apparatus to display a screen for using the image formingapparatus instead of the authentication screen if authentication datainput from the authentication screen satisfies an authenticationcondition, wherein the computer program is provided in the image formingapparatus separately from the system side software.
 26. The computerreadable medium as claimed in claim 25, the image forming apparatusfurther comprising a communication part used for performing wirelessdata communications with a portable terminal, wherein the computerprogram comprises program code means for performing authentication byusing authentication data received from the portable terminal via thecommunication part.
 27. The computer readable medium as claimed in claim25, the computer program comprising program code means for collectinglog information relating to use of the image forming apparatus.
 28. Thecomputer readable medium as claimed in claim 27, the computer programcomprising program code means for collecting a print completionnotification as the log information, and displaying a warning on theoperation panel when the number of sheets printed reaches apredetermined number.